Search criteria
36 vulnerabilities found for dcp-portal by codeworx_technologies
FKIE_CVE-2006-4837
Vulnerability from fkie_nvd - Published: 2006-09-15 22:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | se_6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:se_6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C709CD59-67A8-4353-BA87-554B78C34F92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de PHP remoto en el fichero de inclusi\u00f3n en DCP-Portal SE 6.0 permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de la URL en el par\u00e1metro root en (1)library/lib.php y (2)library/editor/editor.php. NOTA: la misma edici\u00f3n primaria se puede utilizar para el acceso completo del camino con un par\u00e1metro inv\u00e1lido que revele el camino de la instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2006-4837",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-15T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1585"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1905"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4838
Vulnerability from fkie_nvd - Published: 2006-09-15 22:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | se_6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:se_6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C709CD59-67A8-4353-BA87-554B78C34F92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en DCP-Portal 6.0 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) root_url y(2) par\u00e1metros dcp_version en (a) admin/inc/footer.inc.php, y el root_url, (3) page_top_name, (4) page_name, y (5) par\u00e1metros de page_options en(b) admin/inc/header.inc.php."
}
],
"id": "CVE-2006-4838",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-15T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1585"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4836
Vulnerability from fkie_nvd - Published: 2006-09-15 22:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | se_6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:se_6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C709CD59-67A8-4353-BA87-554B78C34F92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en login.php en DCP-Portal SE 6.0 permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro username. NOTA: los vectores lostpassword.php y calendar.php est\u00e1n incluidos en CVE-2005-3365, y el vector search.php est\u00e1 cubierto por CVE-2005-4227."
}
],
"evaluatorSolution": "if magic_qoutes_gpc = off\r\n",
"id": "CVE-2006-4836",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-15T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1585"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1120
Vulnerability from fkie_nvd - Published: 2006-03-09 21:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | 3.7 | |
| codeworx_technologies | dcp-portal | 4.0 | |
| codeworx_technologies | dcp-portal | 4.1 | |
| codeworx_technologies | dcp-portal | 4.2 | |
| codeworx_technologies | dcp-portal | 4.5.1 | |
| codeworx_technologies | dcp-portal | 5.0.1 | |
| codeworx_technologies | dcp-portal | 5.0.2 | |
| codeworx_technologies | dcp-portal | 5.1 | |
| codeworx_technologies | dcp-portal | 5.2 | |
| codeworx_technologies | dcp-portal | 5.3 | |
| codeworx_technologies | dcp-portal | 5.3.1 | |
| codeworx_technologies | dcp-portal | 5.3.2 | |
| codeworx_technologies | dcp-portal | 6.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE39E96D-B870-49FB-8C7C-7E829BA916B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0D7706-EEB2-4898-A0EA-7BD198965E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "356E5CEC-CCBD-4438-992A-29B53F3F6A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "389B778A-EB0A-4BEC-9023-2190BCDAB746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F4000-ED33-48F9-92BA-2629C5BAD709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7A0D86-BA93-4889-9242-A535C8F53E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57026D15-982E-4816-A4CB-960852D7006F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79713BBA-FC4F-4445-B888-656A4DF6C2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1D9D8F-FD72-4B51-817A-7A807750D3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "156DC7CD-FFEA-4225-BE58-6DEFEDCB1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92241B71-C6B6-4B85-96A8-726CC04E3F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F26F19B-4F47-475E-AD58-D8964C0BF8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC2BC46-D988-4502-9C35-139992142043",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511."
}
],
"id": "CVE-2006-1120",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T21:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/392"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23976"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23977"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23978"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23979"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23980"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23981"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17050"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-0220
Vulnerability from fkie_nvd - Published: 2006-01-16 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | 5.3 | |
| codeworx_technologies | dcp-portal | 5.3.1 | |
| codeworx_technologies | dcp-portal | 5.3.2 | |
| codeworx_technologies | dcp-portal | 6.0 | |
| codeworx_technologies | dcp-portal | 6.1 | |
| codeworx_technologies | dcp-portal | 6.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "156DC7CD-FFEA-4225-BE58-6DEFEDCB1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92241B71-C6B6-4B85-96A8-726CC04E3F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F26F19B-4F47-475E-AD58-D8964C0BF8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7F57E2-E38E-4575-8C95-5E2FAC7D919D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905B0FF8-984D-4EA6-B867-2B3CE1874DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC2BC46-D988-4502-9C35-139992142043",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
],
"id": "CVE-2006-0220",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-16T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/16232"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/16232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4227
Vulnerability from fkie_nvd - Published: 2005-12-14 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | 3.7 | |
| codeworx_technologies | dcp-portal | 4.0 | |
| codeworx_technologies | dcp-portal | 4.1 | |
| codeworx_technologies | dcp-portal | 4.2 | |
| codeworx_technologies | dcp-portal | 4.5.1 | |
| codeworx_technologies | dcp-portal | 5.0.1 | |
| codeworx_technologies | dcp-portal | 5.0.2 | |
| codeworx_technologies | dcp-portal | 5.1 | |
| codeworx_technologies | dcp-portal | 5.2 | |
| codeworx_technologies | dcp-portal | 5.3 | |
| codeworx_technologies | dcp-portal | 5.3.1 | |
| codeworx_technologies | dcp-portal | 5.3.2 | |
| codeworx_technologies | dcp-portal | 6.0 | |
| codeworx_technologies | dcp-portal | 6.1 | |
| codeworx_technologies | dcp-portal | 6.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE39E96D-B870-49FB-8C7C-7E829BA916B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0D7706-EEB2-4898-A0EA-7BD198965E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "356E5CEC-CCBD-4438-992A-29B53F3F6A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "389B778A-EB0A-4BEC-9023-2190BCDAB746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F4000-ED33-48F9-92BA-2629C5BAD709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7A0D86-BA93-4889-9242-A535C8F53E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57026D15-982E-4816-A4CB-960852D7006F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79713BBA-FC4F-4445-B888-656A4DF6C2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1D9D8F-FD72-4B51-817A-7A807750D3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "156DC7CD-FFEA-4225-BE58-6DEFEDCB1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92241B71-C6B6-4B85-96A8-726CC04E3F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F26F19B-4F47-475E-AD58-D8964C0BF8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7F57E2-E38E-4575-8C95-5E2FAC7D919D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905B0FF8-984D-4EA6-B867-2B3CE1874DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC2BC46-D988-4502-9C35-139992142043",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple \"potential\" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454."
}
],
"id": "CVE-2005-4227",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-14T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12751"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22017"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22018"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22019"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22020"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22021"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22022"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22023"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22024"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22025"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22026"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22027"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22028"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22029"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22030"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22031"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15183"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3365
Vulnerability from fkie_nvd - Published: 2005-10-30 14:34 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | 3.7 | |
| codeworx_technologies | dcp-portal | 4.0 | |
| codeworx_technologies | dcp-portal | 4.1 | |
| codeworx_technologies | dcp-portal | 4.2 | |
| codeworx_technologies | dcp-portal | 4.5.1 | |
| codeworx_technologies | dcp-portal | 5.0.1 | |
| codeworx_technologies | dcp-portal | 5.0.2 | |
| codeworx_technologies | dcp-portal | 5.1 | |
| codeworx_technologies | dcp-portal | 5.2 | |
| codeworx_technologies | dcp-portal | 5.3 | |
| codeworx_technologies | dcp-portal | 5.3.1 | |
| codeworx_technologies | dcp-portal | 5.3.2 | |
| codeworx_technologies | dcp-portal | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE39E96D-B870-49FB-8C7C-7E829BA916B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0D7706-EEB2-4898-A0EA-7BD198965E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "356E5CEC-CCBD-4438-992A-29B53F3F6A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "389B778A-EB0A-4BEC-9023-2190BCDAB746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F4000-ED33-48F9-92BA-2629C5BAD709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7A0D86-BA93-4889-9242-A535C8F53E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57026D15-982E-4816-A4CB-960852D7006F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79713BBA-FC4F-4445-B888-656A4DF6C2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1D9D8F-FD72-4B51-817A-7A807750D3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "156DC7CD-FFEA-4225-BE58-6DEFEDCB1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92241B71-C6B6-4B85-96A8-726CC04E3F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F26F19B-4F47-475E-AD58-D8964C0BF8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7F57E2-E38E-4575-8C95-5E2FAC7D919D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11."
}
],
"id": "CVE-2005-3365",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-30T14:34:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12751/"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/108"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20493"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20494"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27167"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12751/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4853"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0454
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EE54DF-D100-4180-B39A-1B12BA384BBD",
"versionEndIncluding": "6.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php."
}
],
"id": "CVE-2005-0454",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/108"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013216"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12573"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2512
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | * | |
| codeworx_technologies | dcp-portal | 3.7 | |
| codeworx_technologies | dcp-portal | 4.0 | |
| codeworx_technologies | dcp-portal | 4.1 | |
| codeworx_technologies | dcp-portal | 4.2 | |
| codeworx_technologies | dcp-portal | 4.5.1 | |
| codeworx_technologies | dcp-portal | 5.0.1 | |
| codeworx_technologies | dcp-portal | 5.0.2 | |
| codeworx_technologies | dcp-portal | 5.1 | |
| codeworx_technologies | dcp-portal | 5.2 | |
| codeworx_technologies | dcp-portal | 5.3 | |
| codeworx_technologies | dcp-portal | 5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07FEC555-10D0-408F-B7EE-3745728856AC",
"versionEndIncluding": "5.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE39E96D-B870-49FB-8C7C-7E829BA916B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0D7706-EEB2-4898-A0EA-7BD198965E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "356E5CEC-CCBD-4438-992A-29B53F3F6A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "389B778A-EB0A-4BEC-9023-2190BCDAB746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F4000-ED33-48F9-92BA-2629C5BAD709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7A0D86-BA93-4889-9242-A535C8F53E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57026D15-982E-4816-A4CB-960852D7006F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79713BBA-FC4F-4445-B888-656A4DF6C2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1D9D8F-FD72-4B51-817A-7A807750D3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "156DC7CD-FFEA-4225-BE58-6DEFEDCB1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92241B71-C6B6-4B85-96A8-726CC04E3F4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter."
}
],
"id": "CVE-2004-2512",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12751"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011481"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10591"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11340"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2511
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codeworx_technologies | dcp-portal | * | |
| codeworx_technologies | dcp-portal | 3.7 | |
| codeworx_technologies | dcp-portal | 4.0 | |
| codeworx_technologies | dcp-portal | 4.1 | |
| codeworx_technologies | dcp-portal | 4.2 | |
| codeworx_technologies | dcp-portal | 4.5.1 | |
| codeworx_technologies | dcp-portal | 5.0.1 | |
| codeworx_technologies | dcp-portal | 5.0.2 | |
| codeworx_technologies | dcp-portal | 5.1 | |
| codeworx_technologies | dcp-portal | 5.2 | |
| codeworx_technologies | dcp-portal | 5.3 | |
| codeworx_technologies | dcp-portal | 5.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07FEC555-10D0-408F-B7EE-3745728856AC",
"versionEndIncluding": "5.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE39E96D-B870-49FB-8C7C-7E829BA916B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0D7706-EEB2-4898-A0EA-7BD198965E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "356E5CEC-CCBD-4438-992A-29B53F3F6A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "389B778A-EB0A-4BEC-9023-2190BCDAB746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F4000-ED33-48F9-92BA-2629C5BAD709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7A0D86-BA93-4889-9242-A535C8F53E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57026D15-982E-4816-A4CB-960852D7006F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79713BBA-FC4F-4445-B888-656A4DF6C2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1D9D8F-FD72-4B51-817A-7A807750D3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "156DC7CD-FFEA-4225-BE58-6DEFEDCB1730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92241B71-C6B6-4B85-96A8-726CC04E3F4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
],
"id": "CVE-2004-2511",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12751"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1006351"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10585"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10587"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10588"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10589"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10590"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/11405"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11338"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11339"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1006351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/10590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/11405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-4837 (GCVE-0-2006-4837)
Vulnerability from cvelistv5 – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1585"
},
{
"name": "1905",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1585"
},
{
"name": "1905",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
},
{
"name": "1905",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4837",
"datePublished": "2006-09-15T22:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4836 (GCVE-0-2006-4836)
Vulnerability from cvelistv5 – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4836",
"datePublished": "2006-09-15T22:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4838 (GCVE-0-2006-4838)
Vulnerability from cvelistv5 – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4838",
"datePublished": "2006-09-15T22:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1120 (GCVE-0-2006-1120)
Vulnerability from cvelistv5 – Published: 2006-03-09 21:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dcpportal-multiple-scripts-xss(25279)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"name": "23979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23979"
},
{
"name": "23981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23981"
},
{
"name": "20060309 DCP Portal: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"name": "23980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23980"
},
{
"name": "17050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17050"
},
{
"name": "392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/392"
},
{
"name": "23978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23978"
},
{
"name": "23976",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"name": "23977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dcpportal-multiple-scripts-xss(25279)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"name": "23979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23979"
},
{
"name": "23981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23981"
},
{
"name": "20060309 DCP Portal: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"name": "23980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23980"
},
{
"name": "17050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17050"
},
{
"name": "392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/392"
},
{
"name": "23978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23978"
},
{
"name": "23976",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"name": "23977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dcpportal-multiple-scripts-xss(25279)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"name": "23979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23979"
},
{
"name": "23981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23981"
},
{
"name": "20060309 DCP Portal: Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"name": "23980",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23980"
},
{
"name": "17050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17050"
},
{
"name": "392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/392"
},
{
"name": "23978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23978"
},
{
"name": "23976",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23976"
},
{
"name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt",
"refsource": "MISC",
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"name": "23977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1120",
"datePublished": "2006-03-09T21:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0220 (GCVE-0-2006-0220)
Vulnerability from cvelistv5 – Published: 2006-01-16 21:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0220",
"datePublished": "2006-01-16T21:00:00",
"dateReserved": "2006-01-16T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4227 (GCVE-0-2005-4227)
Vulnerability from cvelistv5 – Published: 2005-12-14 11:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22021"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "22028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22028"
},
{
"name": "22027",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22027"
},
{
"name": "22017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22017"
},
{
"name": "22025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22025"
},
{
"name": "22026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22026"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "22020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22020"
},
{
"name": "22031",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22031"
},
{
"name": "22030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22030"
},
{
"name": "22023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22023"
},
{
"name": "22024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22024"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "ADV-2005-2863",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"name": "22019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22019"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "22022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22022"
},
{
"name": "22029",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22029"
},
{
"name": "22018",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"potential\" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22021"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "22028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22028"
},
{
"name": "22027",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22027"
},
{
"name": "22017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22017"
},
{
"name": "22025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22025"
},
{
"name": "22026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22026"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "22020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22020"
},
{
"name": "22031",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22031"
},
{
"name": "22030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22030"
},
{
"name": "22023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22023"
},
{
"name": "22024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22024"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "ADV-2005-2863",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"name": "22019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22019"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "22022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22022"
},
{
"name": "22029",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22029"
},
{
"name": "22018",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"potential\" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22021"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "22028",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22028"
},
{
"name": "22027",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22027"
},
{
"name": "22017",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22017"
},
{
"name": "22025",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22025"
},
{
"name": "22026",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22026"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "22020",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22020"
},
{
"name": "22031",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22031"
},
{
"name": "22030",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22030"
},
{
"name": "22023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22023"
},
{
"name": "22024",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22024"
},
{
"name": "15183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "ADV-2005-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"name": "22019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22019"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "22022",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22022"
},
{
"name": "22029",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22029"
},
{
"name": "22018",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4227",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-12-14T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3365 (GCVE-0-2005-3365)
Vulnerability from cvelistv5 – Published: 2005-10-29 19:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20493"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751/"
},
{
"name": "4853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"name": "20494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20494"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20051024 DCP - portal XSS \u0026 SQL attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"name": "dcpportal-index-sql-injection(39447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"name": "27167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20493"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751/"
},
{
"name": "4853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"name": "20494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20494"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20051024 DCP - portal XSS \u0026 SQL attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"name": "dcpportal-index-sql-injection(39447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"name": "27167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20493"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751/"
},
{
"name": "4853",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"name": "20494",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20494"
},
{
"name": "15183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20051024 DCP - portal XSS \u0026 SQL attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"name": "dcpportal-index-sql-injection(39447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"name": "27167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3365",
"datePublished": "2005-10-29T19:00:00",
"dateReserved": "2005-10-29T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2511 (GCVE-0-2004-2511)
Vulnerability from cvelistv5 – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2511",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2512 (GCVE-0-2004-2512)
Vulnerability from cvelistv5 – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10591",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10591"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "11340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11340"
},
{
"name": "1011481",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011481"
},
{
"name": "dcpportal-phpsessid-response-splitting(17640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10591",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10591"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "11340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11340"
},
{
"name": "1011481",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011481"
},
{
"name": "dcpportal-phpsessid-response-splitting(17640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10591",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10591"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "11340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11340"
},
{
"name": "1011481",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011481"
},
{
"name": "dcpportal-phpsessid-response-splitting(17640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2512",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0454 (GCVE-0-2005-0454)
Vulnerability from cvelistv5 – Published: 2005-02-16 05:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "12573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12573"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "dcpportal-multiple-sql-injection(19361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"name": "1013216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "12573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12573"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "dcpportal-multiple-sql-injection(19361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"name": "1013216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "12573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12573"
},
{
"name": "http://www.hackgen.org/advisories/hackgen-2005-003.txt",
"refsource": "MISC",
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"name": "108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "dcpportal-multiple-sql-injection(19361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"name": "1013216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0454",
"datePublished": "2005-02-16T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4837 (GCVE-0-2006-4837)
Vulnerability from nvd – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1585"
},
{
"name": "1905",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1585"
},
{
"name": "1905",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20060613 [Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437510/100/200/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
},
{
"name": "1905",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4837",
"datePublished": "2006-09-15T22:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4836 (GCVE-0-2006-4836)
Vulnerability from nvd – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4836",
"datePublished": "2006-09-15T22:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4838 (GCVE-0-2006-4838)
Vulnerability from nvd – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4838",
"datePublished": "2006-09-15T22:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1120 (GCVE-0-2006-1120)
Vulnerability from nvd – Published: 2006-03-09 21:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dcpportal-multiple-scripts-xss(25279)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"name": "23979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23979"
},
{
"name": "23981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23981"
},
{
"name": "20060309 DCP Portal: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"name": "23980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23980"
},
{
"name": "17050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17050"
},
{
"name": "392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/392"
},
{
"name": "23978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23978"
},
{
"name": "23976",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"name": "23977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dcpportal-multiple-scripts-xss(25279)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"name": "23979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23979"
},
{
"name": "23981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23981"
},
{
"name": "20060309 DCP Portal: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"name": "23980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23980"
},
{
"name": "17050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17050"
},
{
"name": "392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/392"
},
{
"name": "23978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23978"
},
{
"name": "23976",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"name": "23977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dcpportal-multiple-scripts-xss(25279)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279"
},
{
"name": "23979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23979"
},
{
"name": "23981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23981"
},
{
"name": "20060309 DCP Portal: Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded"
},
{
"name": "23980",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23980"
},
{
"name": "17050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17050"
},
{
"name": "392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/392"
},
{
"name": "23978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23978"
},
{
"name": "23976",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23976"
},
{
"name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt",
"refsource": "MISC",
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt"
},
{
"name": "23977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1120",
"datePublished": "2006-03-09T21:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0220 (GCVE-0-2006-0220)
Vulnerability from nvd – Published: 2006-01-16 21:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0220",
"datePublished": "2006-01-16T21:00:00",
"dateReserved": "2006-01-16T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4227 (GCVE-0-2005-4227)
Vulnerability from nvd – Published: 2005-12-14 11:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22021"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "22028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22028"
},
{
"name": "22027",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22027"
},
{
"name": "22017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22017"
},
{
"name": "22025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22025"
},
{
"name": "22026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22026"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "22020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22020"
},
{
"name": "22031",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22031"
},
{
"name": "22030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22030"
},
{
"name": "22023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22023"
},
{
"name": "22024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22024"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "ADV-2005-2863",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"name": "22019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22019"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "22022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22022"
},
{
"name": "22029",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22029"
},
{
"name": "22018",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"potential\" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22021"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "22028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22028"
},
{
"name": "22027",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22027"
},
{
"name": "22017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22017"
},
{
"name": "22025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22025"
},
{
"name": "22026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22026"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "22020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22020"
},
{
"name": "22031",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22031"
},
{
"name": "22030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22030"
},
{
"name": "22023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22023"
},
{
"name": "22024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22024"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "ADV-2005-2863",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"name": "22019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22019"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "22022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22022"
},
{
"name": "22029",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22029"
},
{
"name": "22018",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"potential\" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22021"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "22028",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22028"
},
{
"name": "22027",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22027"
},
{
"name": "22017",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22017"
},
{
"name": "22025",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22025"
},
{
"name": "22026",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22026"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "22020",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22020"
},
{
"name": "22031",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22031"
},
{
"name": "22030",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22030"
},
{
"name": "22023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22023"
},
{
"name": "22024",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22024"
},
{
"name": "15183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "ADV-2005-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2863"
},
{
"name": "22019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22019"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "22022",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22022"
},
{
"name": "22029",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22029"
},
{
"name": "22018",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4227",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-12-14T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3365 (GCVE-0-2005-3365)
Vulnerability from nvd – Published: 2005-10-29 19:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20493"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751/"
},
{
"name": "4853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"name": "20494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20494"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20051024 DCP - portal XSS \u0026 SQL attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"name": "dcpportal-index-sql-injection(39447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"name": "27167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20493"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751/"
},
{
"name": "4853",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"name": "20494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20494"
},
{
"name": "15183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20051024 DCP - portal XSS \u0026 SQL attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"name": "dcpportal-index-sql-injection(39447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"name": "27167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20493"
},
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751/"
},
{
"name": "4853",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4853"
},
{
"name": "20494",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20494"
},
{
"name": "15183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15183"
},
{
"name": "dcpportal-multiple-php-sql-injection(22855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22855"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20051024 DCP - portal XSS \u0026 SQL attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113017151829342\u0026w=2"
},
{
"name": "dcpportal-index-sql-injection(39447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39447"
},
{
"name": "27167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3365",
"datePublished": "2005-10-29T19:00:00",
"dateReserved": "2005-10-29T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2511 (GCVE-0-2004-2511)
Vulnerability from nvd – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2511",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2512 (GCVE-0-2004-2512)
Vulnerability from nvd – Published: 2005-10-25 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10591",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10591"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "11340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11340"
},
{
"name": "1011481",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011481"
},
{
"name": "dcpportal-phpsessid-response-splitting(17640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10591",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10591"
},
{
"name": "12751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12751"
},
{
"name": "11340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11340"
},
{
"name": "1011481",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011481"
},
{
"name": "dcpportal-phpsessid-response-splitting(17640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10591",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10591"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "11340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11340"
},
{
"name": "1011481",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011481"
},
{
"name": "dcpportal-phpsessid-response-splitting(17640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2512",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0454 (GCVE-0-2005-0454)
Vulnerability from nvd – Published: 2005-02-16 05:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "12573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12573"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "dcpportal-multiple-sql-injection(19361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"name": "1013216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "12573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12573"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"name": "108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "dcpportal-multiple-sql-injection(19361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"name": "1013216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "12573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12573"
},
{
"name": "http://www.hackgen.org/advisories/hackgen-2005-003.txt",
"refsource": "MISC",
"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt"
},
{
"name": "108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/108"
},
{
"name": "dcpportal-multiple-sql-injection(19361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110858497207809\u0026w=2"
},
{
"name": "1013216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0454",
"datePublished": "2005-02-16T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}